mrash / fwknop

Single Packet Authorization > Port Knocking
http://www.cipherdyne.org/fwknop/
GNU General Public License v2.0
1.12k stars 232 forks

Instead of using `wget` to resolve ip #313

Open tianshuo opened 4 years ago

tianshuo commented 4 years ago

We should use the alternative `dig +short myip.opendns.com @resolver1.opendns.com` which works on machines w/o wget

Illusion65 commented 3 years ago

This is old, but since there are no replies, I'll answer. I switched to using that command (dig) for my IP resolution (for my display status bar) until I realized it didn't work through my VPN (ExpressVPN), so I switched to using curl and/or wget. I didn't look into the problem; it might be easy to fix/rewrite.

rrotter commented 3 weeks ago

DNS isn't ideal for this purpose since it's not normally encrypted and could be intercepted and even tampered with in transit. If the goal is just to avoid wget, added support for using curl instead of wget would do the job. Even better would be using libcurl directly rather than running a shell command.

As a workaround, since fwknop allows the ALLOW_IP to be set on the command line, you can just circumvent its resolver completely and use any other CLI tool to resolve your IP:

```
fwknop --test --allow-ip=$(curl -fs https://whatismyip.akamai.com)
fwknop --test --allow-ip=$(dig +short myip.opendns.com @resolver1.opendns.com)
fwknop --test --allow-ip=$(curl -fs https://www.cipherdyne.org/cgi-bin/myip | tr -d '\r')
```

** https://www.cipherdyne.org/cgi-bin/myip prints Windows line endings that need to be cleaned up
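
An added example, not part of the thread or of fwknop: a wrapper around the workaround above that tries HTTPS lookups before falling back to DNS and only hands `--allow-ip` a value that parses as a dotted-quad IPv4 address, so a stray `\r`, an error page or an empty reply never reaches the command line. The function names `sanitize_ip` and `resolve_allow_ip` and the 10-second timeouts are assumptions.

```shell
#!/bin/sh
# Added example (not fwknop code); function names are hypothetical.

# Print $1 as a clean dotted-quad IPv4 address, or fail.
# The body runs in a subshell so the IFS change does not leak.
sanitize_ip() (
    ip=$(printf '%s' "$1" | tr -d '\r')      # drop Windows line endings
    case "$ip" in
        # empty reply, any non-digit/non-dot character, or an empty octet
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=.
    set -- $ip                               # split into octets
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac   # more than 3 digits
        [ "$octet" -le 255 ] || return 1
    done
    printf '%s\n' "$ip"
)

# Try curl, then wget (both over HTTPS), then unencrypted DNS via dig.
# Use the first tool that is installed and returns a valid address.
resolve_allow_ip() {
    url=${1:-https://www.cipherdyne.org/cgi-bin/myip}
    for tool in curl wget dig; do
        command -v "$tool" >/dev/null 2>&1 || continue
        case "$tool" in
            curl) raw=$(curl -fs --max-time 10 "$url") ;;
            wget) raw=$(wget -qO- --timeout=10 "$url") ;;
            dig)  raw=$(dig +short myip.opendns.com @resolver1.opendns.com) ;;
        esac || continue
        sanitize_ip "$raw" && return 0
    done
    return 1
}

# Usage (performs network lookups, so it is left commented out here):
#   ip=$(resolve_allow_ip) && fwknop --test --allow-ip="$ip"
```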